REMARKS 

Claims 6-46 were pending at last examination. Claims 6-9, 31-39, and 43-45 
have been amended. Claims 47-54 have been added. No claims were cancelled. 



Rejection Clarification 

Claims 6-46 were pending at last examination, however, only claims 6-30 were 
examined. Applicant paid for the new claims with check number 4822 along with the 
response to the Office Action filed on 5/9/06. However, in the response to the Office 
Action filed on 5/9/06, Applicant erroneously indicated in the remarks section that 
only claims 6-30 were pending. Applicant wishes to apologize for the confusion and 
respectfully requests that pending claims 6-46 be examined. 

Claims 22, 23, and 24 were rejected in part based on "Cisco, create a PVC, 
page 1 5". Applicant respectfully submits that "Cisco-Radius Commands" is silent 
regarding PVC; in fact, "Cisco-Radius Commands" is only 3 pages long. Similarly, 
claim 24 was also rejected in part based on "Cisco, configure structure, page 56". 
Applicant respectfully submits that "Cisco-Radius Commands" is silent regarding 
configure structure; in fact, "Cisco-Radius Commands" is only 3 pages long. 
Applicant assumes the Office Action is referring to "Cisco - ATM commands", but 
this is not indicated in the Office Action. Applicant respectfully requests clarification 
if these rejections are maintained. 

Claim Rejections - 35 USC 1 12 
Claim 1 is rejected under 35 USC 112 second paragraph as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The Office Action specifically objects to "a first binding data 
structure in the memory which binds the first network interface to the first sub- 
interface data structure." The Office Action interprets any data structure as being the 
first binding data structure and any network interface as the first network interface. 
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Applicant respectfully submits that claim 1 was cancelled in previous 
responses. Therefore, Applicant assumes that claim 6, not claim 1 5 is rejected under 
35 USC 1 12, as claim 6 included this language. 

Applicant respectfully submits that amendments to claim 6 have overcome this 
rejection. 



Rejections under 35 USC § 103(a) 

Applicant's claims 6-30 have been rejected under 35 U.S.C. § 103(a) as being 
obvious over U.S. Patent No. 5,825,772 issued to Dobbins et al. in view of Cisco et al 
("Radius Commands"). Applicant does not admit Dobbins is prior art and reserves the 
right to swear behind the reference at a later date. 

Claim 29 

Applicant's claim 29 is directed towards a subscriber management system 
comprising: 

a network device including an electronic memory encoded with multiple 
respective virtual routers in the memory, said respective virtual routers 
including corresponding respective network databases which include respective 
control information, said respective virtual routers respectively including at 
least one respective network interface to a respective network domain ; 

respective subscriber records in an electronic memory that include 
respective information as to network domains to which respective subscriber 
end stations of respective subscribers may be bound ; 

multiple respective sub-interface data structures in the electronic memory 
respectively associated with respective subscribers; 

a computer program in electronic memory that searches respective 
subscriber records to identify respective network domains that may be accessed by 
respective subscriber ends stations of respective subscribers; and 

respective binding data structures that respectively bind respective 
sub-interface data structures associated with respective subscribers to 
respective network interfaces to respective network domains identified from 
searching respective subscriber records . 



Attorney's Docket No. 4906.P001D 



24 



App. No. 10/020,388 



Thus, claim 29 requires multiple virtual routers in a network device each 
including a network interface to a network domain and where subscriber records include 
information as to network domains to which subscriber end stations of respective 
subscribers may be bound. Further, claim 29 requires binding data structures that 
respectively bind respective sub-interface data structures associated with respective 
subscribers to respective network interfaces to respective network domains identified 
form searching respective subscriber records. 

The combination of Dobbins and Radius Commands does not describe the above 
limitations. Dobbins describes a distributed switching model where each switch is 
capable of processing all aspects of call processing and switching functionality (col. 2, 
lines 39-42). Each switch in the domain maintains a "virtual directory" which contains 
complete mappings of all known users within the domain (col. 3 lines 60-67 thru col. 4 
lines 1-9). The switched domain also allows interconnectivity between legacy networks 
through the use of "virtual router agents" (col. 6, lines 35-38). The virtual router agents 
process the route and service advertisements they receive from multi-protocol routers and 
servers attached to the switch (col. 6, lines 35-40). The switch then summarizes and 
collapses the external networks, routes, and services to only the "best" routes in order to 
provide a best path to a network or server outside of the switched domain (col. 6, lines 
40-46). Dobbins also describes a switch using Address Resolution Protocol (ARP) to 
resolve physical hardware addresses that are located remotely from the switch. However, 
the "virtual router agent" of Dobbins does not correspond to a unique network domain. 
Rather, the "virtual router agent" is located within a switch of the switched domain and is 
used for resolving the reachability of destinations that are outside the switched domain. 

Radius Commands describes configuring a router to transmit all outgoing 
RADIUS commands through a specific router interface (Radius Commands, p.l). For 
example, Radius Commands describes configuring a router to transmit all outgoing 
RADIUS commands through a specific router interface (Radius Commands, p.l). As 
another example, Radius Commands describes setting authentication and encryption keys 
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for all RADIUS communications between a router and the RADIUS daemon (Radius 
Commands, p. 2). 

Nonetheless, neither Dobbins nor Radius Commands describe multiple virtual 
routers within a network device where each virtual router includes at least one network 
interface for a respective network domain and where subscriber records include 
information as to which respective subscriber end stations of respective subscribers 
may be bound . Further, Dobbins does not describe binding data structures that 
respectively bind sub-interface data structures associated with respective 
subscribers to respective network interfaces to respective network domains 
identified from searching respective subscriber records . 

By way of example and not limitation, the network device of Applicant may bind 
a layer 1/2 connection associated with a subscriber to a particular virtual network 
machine according to an associated subscriber record and dynamically change the binding 
to another virtual network machine according to a change in the subscriber record. As 
another example, the subscriber record may provide multiple possible binding options for 
the subscriber. For instance, a subscriber record may specify the subscriber being bound 
to a particular virtual network machine which provides network access to a corporate 
private network during business hours while also specifying the subscriber to be bound to 
a different virtual network machine that provides network access to a different network 
during non-business hours (Spec, page 22, lines 23-29). Thus, the bindings may be 
dynamically changed. 

Claim 24 

Applicant's claim 24 is directed towards a method of "creating links between 

multiple subscriber end stations and multiple network domains comprising: 

providing a network device including an electronic memory 
encoded with multiple respective virtual routers , said respective virtual 
routers including respective corresponding network databases which 
include respective control information, said respective virtual routers 
respectively each including at least one respective network interface 
for a respective network domain ; 
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providing respective subscriber records in an electronic memory 
that include respective information as to network domains to which 
respective subscriber end stations of respective subscribers may 
access ; 

providing multiple respective sub-interface data structures in the 
electronic memory respectively associated with respective subscribers ; 

searching respective subscriber records to identify respective 
network domains that may be accessed by a respective subscriber end 
station of a respective subscriber ; and 

creating respective binding data structures that respectively 
bind respective sub-interface data structures respectively associated 
with respective subscribers to respective network interfaces for 
respective network domains identified from searching respective 
subscriber records . 

Thus, Applicant's claim 24 requires multiple virtual routers within a network 
device where each virtual router includes at least one network interface for a respective 
network domain and where subscriber records include respective information as to which 
network domains respective subscriber end stations of respective subscribers may access. 
Claim 24 further requires providing multiple sub-interface data structures associated with 
respective subscribers and searching subscriber records to identify respective network 
domains that may be accessed by a respective subscriber end station of a respective 
subscriber. 

The combination of Dobbins and Radius Commands does not describe the above 
limitations. As per above, neither Dobbins nor Radius Commands describe multiple 
virtual routers within a network device where each virtual router includes at least one 
network interface for a respective network domain and where subscriber records ' 
include information as to which respective subscriber end stations of respective 
subscribers may be bound . Further, Dobbins does not describe binding data 
structures that respectively bind sub-interface data structures associated with 
respective subscribers to respective network interfaces to respective network 
domains identified from searching respective subscriber records . 

By way of example and not limitation, the network device of Applicant may bind 
a layer 1/2 connection associated with a subscriber to a particular virtual network 
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machine according to an associated subscriber record and dynamically change the binding 
to another virtual network machine according to a change in the subscriber record. As 
another example, the subscriber record may provide multiple possible binding options for 
the subscriber. For instance, a subscriber record may specify the subscriber being bound 
to a particular virtual network machine which provides network access to a corporate 
private network during business hours while also specifying the subscriber to be bound to 
a different virtual network machine that provides network access to a different network 
during non-business hours (Spec, page 22, lines 23-29). Thus, the bindings may be 
dynamically changed. 

Claim 18 

Applicant's claim 1 8 is directed towards a mechanism of creating a link in a 
network domain where u a network device including an electronic memory encoded with a 
first virtual router which includes at least one first network interface and with a_ 
second virtual router which includes at least one second network interface " is 
provided, a first and second "sub interface data structure encoded in the electronic 
memory" is provided, and the " first network interface" is bound to the "first sub- 
interface data structure " and the "second network interface" is bound to the "second 
sub-interface data structure.". Thus, applicant requires two virtual routers within a 
network device , with each virtual router including a separate network interface and 
bound to a separate sub-interface data structure . 

The combination of Dobbins and Radius Commands does not describe the above 
limitations. As per above, neither Dobbins nor Radius Commands describe two virtual 
routers within a network device with each virtual router including a separate 
network interface and bound to a separate sub-interface data structure . 

Claims 6, 8, 10 

Applicant's amended claim 6 is directed towards a network device comprising "at 
least one virtual router" in memory where the "at least one virtual router including a 
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network interface, wherein the at least one virtual router is associated to an unique 
network domain ", a "sub-interface data structure in the memory; and a binding data 
structure in the memory which binds the network interface to the sub-interface data 
structure ". Thus, Applicant's amended claim 6 requires a virtual router in memory 
which includes a network interface, a sub-interface data structure in the memory that 
is bound to the network interface of the virtual router by a binding data structure , 
where the virtual router corresponds to a unique network domain. 

Applicant's amended claim 8 is directed towards an electronic coded memory 
with "at least one virtual router, said at least one virtual router including a network 
interface, where the at least one virtual router is associated to an unique network 
domain ; a sub-interface data structure; and a binding data structure which binds the first 
network interface to the first sub-interface data structure ". Thus, Applicant's 
amended claim 8 requires a virtual router in memory which includes a network interface, 
a sub-interface data structure in the memory that is bound to the network interface 
of the virtual router by a binding data structure, where the virtual router corresponds to 
a unique network domain. 

Applicant's claim 10 is directed towards "creating a link in at least one network 
domain " where "a network device including an electronic memory encoded with at least 
one virtual router which includes at least one network interface" is provided, and "at 
least one sub-interface data structure" is bound to "the at least one network interface". 

The combination of Dobbins and Radius Commands does not describe the above 
limitations. The combination would have the switched domain that uses "virtual router 
agents" to process route and service advertisements and uses ARP to learn physical 
hardware addresses of remote switches while forcing RADIUS commands to be 
transmitted out a particular interface. However, the combination does not describe a. 
binding data structure that binds a network interface of a virtual router to a sub- 
interface data structure, where the virtual router corresponds to a unique network 
domain. 
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The Applicant respectfully submits that the dependant claims are allowable for 
at least the reason that they are dependent on an allowable independent claim. 



CLAIMS NOT EXAMINED 

As previously described, claims 31-46 were added during the last response (Office 
Action response 5/9/2006) but were not examined. Applicant respectfully submits that 
claims 3 1-46 are not described by the combination of Dobbins and Radius Commands. 

Claim 39 

Applicant's amended claim 39 is directed towards an apparatus comprising: 

a single network device including, 

a set of one or more processors; 

a first plurality of ports to communicate packets of a plurality of 
subscribers; 

a second plurality of ports to communicate packets; and 
a machine-readable medium having stored therein a set of instructions to 
cause the set of processors to, 

instantiate a plurality of virtual network machines , wherein the 
plurality of virtual network machines are virtually independent but share a 
set of physical resources within the single network device, wherein each 
of the plurality of virtual network machines is one of a virtual router 
and a virtual bridge , and wherein each of the plurality of virtual 
network machines belong to a network domain , 

receive subscriber records associated with the plurality of 
subscribers, wherein each of the plurality of subscribers are associated 
with a virtual circuit on one of the first plurality of ports, wherein each 
of the first and second plurality of ports is associated with one or 
more sub-interfaces, and wherein each of the virtual circuits is associated 
with one of the sub-interfaces associated with the one of the first plurality 
of ports that the virtual circuit is on, and 

dynamically bind a set of one or more network interfaces of each 
of the virtual network machines to a set of one or more of the sub- 
interfaces , such that each of the virtual circuits is communicatively 
coupled with one of said plurality of virtual network machines based on 
the subscriber record of the subscriber associated with that virtual 
circuit and such that at least some of the virtual network machines are 
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communicatively coupled to one of the second plurality of ports, wherein 
the bindings are represented with a plurality of data structures. 

Thus, amended claim 39 requires a single network device to instantiate a plurality 
of virtual network machines that share a set of physical resources of the network device, 
where each virtual network machine is either a virtual router or a virtual bridge belonging 
to a network domain. Furthermore, claim 39 requires the network device to receive 
subscriber records associated with a plurality of subscribers, where each of the 
subscribers are associated with a virtual circuit on one of a plurality of ports, wherein 
each port is associated with one or more sub-interfaces. Furthermore, claim 39 requires a 
set of one or more network interfaces of each of the virtual network machines to be 
dynamically bound to a set of one or more sub-interfaces such that each of the virtual 
circuits is communicatively coupled with one of the plurality of virtual network machines 
based on the subscriber record of the subscriber associated with that virtual circuit. 

The combination of Dobbins and Radius Commands does not describe the above 
limitations. As per above neither, Dobbins nor Radius Commands describe, in a single 
network element, dynamically binding a set of one or more network interfaces of 
each of a plurality of virtual network machines to a set of one or more sub- 
interfaces . Nor does the combinations describe a " plurality of virtual network 
machines , wherein the plurality of virtual network machines are virtually independent but 
share a set of physical resources within the single network device" or "the plurality of 
virtual network machines is one of a virtual router and a virtual bridge, and wherein 
each of the plurality of virtual network machines belong to a network domain ..." 

Claim 31 

Claim 31 is directed to a network device comprising "memory; I/O; at least one 
virtual bridge in the memory" which includes "a first network interface"; a "first sub- 
interface data structure" that is bound to the "first network interface" by a "first binding 
structure". 
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The combination of Dobbins and Radius Commands does not describe the above 
limitations. As per above, neither Dobbins nor Radius Commands describe a virtual 
bridge with a network interface that is bound to a sub-interface data structure. 

The combination of Dobbins and Radius Commands would have the switched 
domain that uses "virtual router agents" to process route and service advertisements and 
uses ARP to learn physical hardware addresses of remote switches while forcing 
RADIUS commands to be transmitted out a particular interface. However, the 
combination does not describe a virtual bridge , as claimed, with a network interface that 
is bound to a sub-interface data structure. 



Claim 33 

Applicant's claim 33 is directed towards an apparatus comprising: 

a single network device including, 

a set of one or more processors; 

a first physical interface, the first physical interface coupled 
to a network; and 

a machine-readable medium having stored therein a set of 
instructions to cause the set of one or more processors to instantiate a 
first virtual router comprising a network interface and a first 
database , to instantiate a second virtual router comprising a network 
interface and a second database, and to bind with a data structure the first 
virtual router network interface to the first physical interface, wherein the 
first virtual router routes packets according to the first database 
within a first network domain through the first virtual router network 
interface and the first physical interface, the second virtual router routes 
packets according to the second database within a second network 
domain. 



As previously described, the combination of Dobbins and Radius Commands does 
not teach or suggest multiple virtual routers within a single network device where 
each virtual router belongs to separate network domains . 



Attorney's Docket No. 4906.P001D 



32 



App. No. 10/020,388 



Claim 35 



Applicant's claim 35 is directed towards an apparatus comprising: 

a single network device including, 

a set of one or more processors; and 
a machine-readable medium having stored therein a set of 
instructions to cause the set of one or more processors to instantiate a 
first virtual router comprising a network interface and a first 
database , to instantiate a second virtual router comprising a network 
interface and a second database, and to bind with a data structure the first 
virtual router network interface to a first virtual circuit wherein the 
first virtual router routes packets according to the first database 
within a first network domain through the first virtual router network 
interface and the first virtual circuit and the second virtual router routes 
packets according to the second database within a second network 
domain . 

As previously described, the combination of Dobbins and Radius Commands does 
not teach or suggest multiple virtual routers within a single network device where 
each virtual router belongs to separate network domains . 

Claim 37 

Applicant's claim 37 is directed towards an apparatus comprising: 

a single network device including, 

a set of one or more processors; and 
a machine-readable medium having stored therein a set of 
instructions to cause the single network device to instantiate a first virtual 
bridge comprising a network interface and a first database, to instantiate a 
second virtual bridge comprising a network interface and a second 
database, and to bind with a data structure the first virtual bridge 
network interface to a first virtual circuit , wherein the first virtual 
bridge switches packets according to the first database within a first 
network domain through the first virtual bridge network interface and the 
first virtual circuit and the second virtual bridge switches packets 
according to the second database within a second network domain . 

As previously described, the combination of Dobbins and Radius Commands does 
not teach or suggest multiple virtual bridges within a single network device where 
each bridge switches packets within separate network domains . 
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The Applicant respectfully submits that the dependant claims are allowable for at 
least the reason that they are dependent on an allowable independent claim. 

NEW CLAIMS 

Claims 47-54 have been added. Applicant respectfully submits that the new 
claims are in condition for allowance. In particular, new independent claim 47 is directed 
towards an apparatus comprising: 

Claim 47 

An apparatus comprising: 

a single network device including, 

a set of one or more processors; 

a plurality of ports to communicate a plurality of independent 
information flows of packets through the single network device 
between a plurality of end stations ; and 

a machine-readable medium having stored therein a set of 
instructions to cause the set of processors to, 

instantiate a plurality of virtual network machines to forward the 
plurality of information flows through the single network device, wherein 
the plurality of virtual network machines are virtually independent but 
share a set of physical resources within the single network device, 
wherein each of the plurality of virtual network machines is one of a 
virtual router and a virtual bridge , wherein the plurality of virtual 
network machines belong to different network domains with 
accounting for different administrative authorities , wherein each of the 
virtual network machines include one or more network interfaces, and 
wherein each of the plurality of ports is associated with one or more sub- 
interface data structures, and 

dynamically bind , with a plurality of binding data structures, the 
network interfaces of each of the virtual network machines to different 
ones of the sub-interface data structures to couple each of the 
plurality of information flows to a currently appropriate one of the 
plurality of virtual network machines based on current authorization 
of that information flow , and wherein the bindings are dynamic based on 
a change in the authorization of each of the plurality of information flows. 
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Thus, amended claim 47 requires a single network device to instantiate a plurality 
of virtual network machines that share a set of physical resources of the network device, 
where each virtual network machine is either a virtual router or a virtual bridge belonging 
to a network domain. Furthermore, claim 47 requires a set of one or more network 
interfaces of each of the virtual network machines to be dynamically bound to a set of one 
or more sub-interfaces such that couple each of the plurality of information flows to a 
currently appropriate one of the plurality of virtual network machines based on current 
authorization of that information flow. 

The combination of Dobbins and Radius-Commands does not describe the above 
limitations. As per above, neither Dobbins nor Radius Commands describe, in a single 
network element, dynamically binding a set of one or more network interfaces of 
each of a plurality of virtual network machines to a set of one or more sub- 
interfaces . Nor does the combinations describe a " plurality of virtual network 
machines , wherein the plurality of virtual network machines are virtually independent but 
share a set of physical resources within the single network device" or "the plurality of 
virtual network machines is one of a virtual router and a virtual bridge , and wherein 
each of the plurality of virtual network machines belong to a network domain ..." 

The Applicant respectfully submits that the dependant claims 48-54 are allowable 
for at least the reason that they are dependent on allowable independent claim 47. 



ATTORNEY'S DOCKET NO. 4906.P001D 



35 



App.No. 10/020,388 



SUMMARY 



Applicant respectfully submits that the rejections have been overcome by the 
amendments and remarks, and that the Claims as amended are now in condition for 
allowance. Accordingly, Applicant respectfully requests the rejections be withdrawn and 
the Claims as amended be allowed. 

Invitation for a telephone interview 
The Examiner is invited to call the undersigned at 408-720-8300 (Pacific Time) 
if there remains any issue with allowance of this case. 

Charge our Deposit Account 
Please charge any shortage to our Deposit Account No. 02-2666. 

Respectfully submitted, 

BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP 

Date: % 2006 ^^^^ 

Eric S. Replogle 
Reg. No. 52,161 

12400 Wilshire Boulevard 
Seventh Floor 

Los Angeles, California 90025-1026 
(408) 720-8300 
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